Tech Tip : CA Single Sign-On : IWA + Federation Configuration Issues

Document created by Osarobo_Idehen Employee on Aug 11, 2017
Version 1

Issue:


We are facing issues while federating via IWA from the IdP to an external SP.

The issue occurs only with persistent sessions.

 

 

smps.log:

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDFormat.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2

[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-7aac6f7f-ecab-4862-91ba-04632dbde4ed

 

[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.

 


Environment:

 

Policy server version is 12.52SP02CR01, SPS 12.52SP1



Cause:


This error occurs because you have enabled the "Windows User Security Context" and your Web Server probably doesn't meet the requirements.

 


Resolution:


Turning off the option "Use Authenticated user's security context" in the AD User Directory definition resolves the issue.
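
To check whether a policy server is hitting this signature, the following triage script (an added example, not CA's or the author's code) parses lines in the smps.log layout quoted above and reports where sm-Server-02740 SetVariable failures are followed by sm-FedServer-00130. Assumptions: the first bracketed field identifies the worker handling the request and is used to correlate lines; the function name, the `scopes` label and the placeholder ids in the sample are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the smps.log layout quoted on this page; the ids are placeholders.
SAMPLE = """\
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : UserNameIDValue.SP.21-PLACEHOLDER
[2496/4800][Mon Sep 26 2016 11:12:56][SmSessionServer.cpp:785][ERROR][sm-Server-06007] failed. Error code : 2
[2496/4800][Mon Sep 26 2016 11:12:56][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : StateSLO.SP.21-PLACEHOLDER
[2496/5120][Mon Sep 26 2016 11:12:57][IsAuthorized.cpp:70][ERROR][sm-Server-02740] SmSessionVariableProvider::SetSessionVariable() - SetVariable Failed for : SessionIndex.SP.22-PLACEHOLDER
[2496/4800][Mon Sep 26 2016 11:12:56][AssertionGenerator.java][ERROR][sm-FedServer-00130] postProcess() returns fatal error. Can not save the SLO information into session store.
"""

LINE = re.compile(r"^\[(\d+/\d+)\]\[([^\]]+)\]\[([^\]]+)\]\[(\w+)\]\[([^\]]+)\]\s*(.*)$")
SETVAR = re.compile(r"SetVariable Failed for : ([^.\s]+)\.(\S+)")

def find_slo_store_failures(text):
    """Group SetVariable failures per thread and flag those followed by sm-FedServer-00130."""
    pending = defaultdict(list)   # thread -> [(variable, scope), ...] not yet closed
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # blank or non-matching line
        thread, when, _src, level, code, msg = m.groups()
        if level != "ERROR":
            continue
        if code == "sm-Server-02740":
            v = SETVAR.search(msg)
            if v:
                pending[thread].append(v.groups())
        elif code == "sm-FedServer-00130" and pending[thread]:
            failed = pending.pop(thread)
            findings.append({
                "thread": thread,
                "time": when,
                "variables": [name for name, _ in failed],
                "scopes": sorted({scope for _, scope in failed}),
            })
    # Threads left in `pending` saw SetVariable failures without the fatal SLO error.
    return findings, {t: v for t, v in pending.items() if v}

if __name__ == "__main__":
    hits, unmatched = find_slo_store_failures(SAMPLE)
    for h in hits:
        print(h["time"], h["thread"], ",".join(h["variables"]), h["scopes"])
    print("unmatched threads:", sorted(unmatched))
```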

 

 

KD : TEC1405517
